In the claims 

Please add or amend the claims to read as follows and cancel without prejudice claims 
marked as cancelled: 

1. (Cancelled) 

2. (Previously presented) The system of claim 21 further comprising of a filtering 
module installed at the at least one server for blocking unauthorized processes in 
accordance with determined authorization level. 

3. (Previously presented) The system of claim 21 further comprising at least one agent 
installed on the at least one server, said agent enables correlating between processes 
and sessions on different servers. 

4. (Currently amended) The system of claim 21, wherein each the additional process 
comprises a process information vector, wherein and the module associates the 
session ID identification code of the original session is added to the additional 
process by adding the session identification code to the information vector of each 
process in the sequence related to said original session the additional process.

5. (Currently amended) The system of claim 4 wherein the session identification code 
replaces redundant information in the process information vector. 

6. (Currently amended) The system of claim 21 wherein the processes operated by 
each original session are associated to the original session's session identification 
code to by a unique process identifier.

7. (Currently amended) The system of claim 21 wherein the identified original 
session properties are sign in parameters. 

8. (Currently amended) The system of claim 21 wherein the identified original 
session properties are initial session type parameters. 

9. (Currently amended) The system of claim 21 wherein the identified original 
session properties are hyperlink session address type parameters. 

10. (Previously presented) The system of claim 21 wherein the original session is 
identified according to a unique Transmission Control Protocol (TCP) port ID.

11. (Cancelled) 

12. (Currently amended) The method of claim 22 further comprising the step of 
filtering processes in accordance with the determined authorization level associated 
with the session ID identification code of each process.

13. (Previously presented) The method of claim 22 further comprising the step of 
correlating between process and sessions on different servers within the server 
network environment. 

14. (Currently amended) The method of claim 22 wherein the process comprises a 
process information vector, and the association of the session ID identification code 
to the process original session and its related processes includes comprises the step 
of adding an identification code of the identified communication original session to 
the process information vector. 

15. (Previously presented) The method of claim 14 wherein the identification code 
replaces redundant information in the process information vector. 

16. (Previously presented) The method of claim 22 wherein the processes are 
associated to the original session by a unique process identifier. 

17. (Previously presented) The method of claim 22 wherein the original session 
properties are sign in parameters. 

18. (Previously presented) The method of claim 22 wherein the original session 
properties are initial session type parameters. 

19. (Previously presented) The method of claim 22 wherein the original session 
properties are hyperlink session address type parameters. 

20. (Previously presented) The method of claim 22 wherein the original session is 
associated with a unique Transmission Control Protocol (TCP) port ID. 

21. (Currently amended) A security system for real time monitoring and controlling of 
communication sessions within a network server environment, wherein each original session 
enables operating a sequence of processes including operations carried out in the server 
environment, 

said system comprising: 

at least one a server having an operating system, said server enabling to 
communicates with a multiplicity of client users via at least one communication 
network, wherein the client users initiate original sessions, each of which operates a 
sequence of processes, said sequence including one or more processes running on the 
operating system of the server, wherein each client user enables accessing portals and 
operating sessions in the portals; and 

at least one module operated by said at least one server, 
wherein said at least one module enables associatesing a session ID identification 
code to the each original session of the client user and to each process in the sequence 
of processes operated by said original session, wherein said session ID identification 
code enables determining an authorization level of session in accordance with 
predefined determination rules, wherein said determination rules refer to the 
properties of the original session, wherein each session ID is related to the manner in 
which the client user has operated initiated the original session and is associated with 
an authorization level. 

wherein each process in the sequence is associated, in real time, with the same session 
ID of the original session, enabling said module to continuously monitor operation of 
each process of each client user, while the at least one the server enables operatesing 
the processes of each original session in the sequence of processes according to the 
authorization level related to associated with the session ID identification code.

22. (Currently amended) A computer implemented method for real time monitoring and 
controlling of communication sessions within a network server environment, wherein each 
original session enables operatesing a sequence of processes, including operations carried out 
in the server environment, 

said method comprising: 

- associating each original session with a session ID identification code, wherein 
said session ID; 

- associating the session ID identification code of the original session to each 
process in the sequence operated by the original session, in real time; 

- determining associating an authorization level related to the session ID 
identification code in accordance with predefined rules, wherein said rules refer to 
the properties of the original session; and 

- continuously monitoring and operating each process in the process sequence 
associated with the original session, according to the authorization level related 
associated to the session ID identification code, of each process 

wherein said sequence of processes includes operations carried out in the operating system of 
the server.

23. (New) A security system comprising: 

- a server, which communicates with a multiplicity of client users via at least one 
communication network, wherein the client users initiate communication sessions 
in one of specified manners, each of said communication sessions operates a 
sequence of processes comprising one or more processes that operates an 
additional process; and 
- at least one module which associates an ID to each communication session and to 
each additional process created by a process in the sequence of processes operated 
by said communication session, 

wherein said ID is indicative of an authorization level, 

wherein the authorization level is determined in accordance with the manner 
by which the communication session is initiated by the client user, and 

wherein said server operates each additional process according to the 
authorization level indicated by the ID associated to the additional process by the 
module. 



24. (New) A method of monitoring and/or controlling a communication session within a 
network server environment, 

said method comprising: 

- associating the communication session with a session identification code; 

- associating an authorization level to the session identification code; 

- associating the session identification code of the communication session at least to 
a child process, said child process been created by a process operated by the 
communication session; and 

- operating the child process according to the authorization level associated with the 
session identification code. 

25. (New) A method according to claim 24, wherein associating the session identification 
code to the child process comprises 

producing a hierarchical structure of processes at the kernel level; and 

referring each process to the hierarchical tree said each process belongs to. 

26. (New) A method according to claim 24, wherein an authorization level is associated 
to the session identification code in accordance with the properties of the communication 
session. 

27. (New) A security system according to claim 21, wherein one or more of said 
sequence of processes creates an additional process, and the additional process is associated 
with the session identification code. 

28. (New) A method according to claim 22, wherein one or more of said sequence of 
processes creates an additional process, and the additional process is associated with the 
session identification code. 